Sharing folder or nas

Hello everybody

I love the Qubes operating system … for a variety of reasons for ask to you one hand.
I use it as a desktop and laptop …

I’m having trouble sharing folders via SAMBA for standalone VMs running Linux Mint Deb.

Also I would like to create a Free Nas machine to share with all other virtual machines in the same laptop.

I state that I don’t want to touch the sys-firewall for security reasons.

Can you give me a hand and show me how to proceed with a few clear steps?

Thank you very much

PS: I’m from Citrix Xen and of course it’s a whole other world.

Federico Gavazzi

Honestly I don’t see the point of using Qubes OS then.

You’re connecting all VMs with Samba which is not known for its security. So if one of your VMs is owned, your others can be easily exploited via that Samba server as well.

You might want to reconsider your use case (either for the Samba server or for Qubes OS).


If you read Federico’s post properly you will see that he says he wants
to samba share between some standalone VMs, not all VMs.

There are many use cases where you might want to use Qubes while
sharing data between individual qubes, usually within the same security
domain.

As far as sharing with Samba, then you should connect the qubes to
another netvm - not sys-firewall, because it’s stated that you don’t want
to touch sys-firewall. Then implement standard firewall rules to allow
samba traffic between the qubes - read
https://www.qubes-os.org/doc/firewall - the section on “Enabling
networking between two qubes”

You can find the firewall config you need at www.samba.org - basically
udp 137/138 and tcp 139/445.

As for a shared storage qube, the simplest implementation would be to
run rsync over qrexec - take a look at
https://github.com/unman/qubes-sync where I discuss, and provide a
solution.

OK
I have 2 VMs
I have to share persistent files, ie inside a folder of one of the 2 machines, or set up a new machine for this.

Do you have a way to do it?
I’m not interested in using samba … ok?
I need a repository from which my machines can download files. Indifferent the type …
limits
100 Gb of space
Access via folder and mint deb linux interface.

Is there any way?
thank you very much to those who want to answer.
Federico Gavazzi

You are aware of the ‘Copy to another VM’ feature aka qvm-copy?

Hi again Federico,

sorry for misunderstanding (“all” vs “two”/“some”) you in the first place, unman was right about that.

In general the following decision matrix for data sharing applies:

a. Qubes tools installed on involved VMs, rare data sharing --> qvm-copy

b. Same VM OS, lots of data sharing --> make one VM out of the two and/or move the less shared data to a dedicated VM (there’s no real security need for a split)

c. Different OS, no Qubes tools installed, lots of data sharing (your case it seems) -->

Build a network infrastructure looking like this:

sys-net – sys-fw – sys-server-net – your VM 1
                                  – your VM 2

I.e. create a new VM sys-server-net and connect your VMs with qvm-prefs [your VM 1] netvm sys-server-net to the sys-server-net VM. Also connect the sys-server-net VM to your sys-fw, if you need internet access (otherwise not needed): qvm-prefs sys-server-net netvm sys-fw.

Then you could install your Samba server (or ssh or whatever you prefer) on sys-server-net and you’ll have to allow whatever connections you want to allow between the VMs on sys-server-net: Edit /rw/config/qubes-firewall-user-script on sys-server-net and make it executable for that. It’s standard iptables as in any other environment, i.e. you’ll probably have to allow access on the INPUT chain if you installed a server on sys-server-net. You can only break networking stuff related to your two VMs on sys-server-net, so nothing to worry about. See [1] for details.

unman pretty much said the same though. His sync tool might be an alternative; I’m just not sure whether it works without any Qubes tools installed.

[1] https://www.qubes-os.org/doc/firewall

Best Regards!
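
The firewall step from the replies above, as an added example that is not part of the original thread: a candidate /rw/config/qubes-firewall-user-script for sys-server-net that opens only the Samba ports unman listed (udp 137/138, tcp 139/445) on the INPUT chain, one rule pair per client. It assumes the iptables-based firewall the post describes and clients attached on vif+ interfaces; the two client addresses and the CLIENTS/APPLY variables are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): candidate content for
# /rw/config/qubes-firewall-user-script on sys-server-net.
# Assumptions: iptables-based Qubes firewall, clients arrive on vif+ interfaces,
# and the two client addresses below are constructed placeholders.
CLIENTS="${CLIENTS:-10.137.0.21 10.137.0.22}"

# Succeeds only for a plain dotted-quad IPv4 host address (no CIDR, no names),
# so a typo cannot silently widen a rule to a whole network.
is_ipv4_host() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print one iptables argument list per line: Samba ports only, per client,
# inserted ahead of the default rules on INPUT.
samba_input_rules() {
    for ip in "$@"; do
        is_ipv4_host "$ip" || { echo "refusing source '$ip'" >&2; return 1; }
        echo "-I INPUT -i vif+ -s $ip -p udp -m multiport --dports 137,138 -j ACCEPT"
        echo "-I INPUT -i vif+ -s $ip -p tcp -m multiport --dports 139,445 -j ACCEPT"
    done
}

# Dry run by default; set APPLY=1 inside sys-server-net to install the rules.
rules=$(samba_input_rules $CLIENTS) || exit 1
echo "$rules" | while read -r args; do
    if [ "${APPLY:-0}" = 1 ]; then iptables $args; else echo "iptables $args"; fi
done
```

Run it once without APPLY to review the generated rules, then make the file executable so it is applied when sys-server-net starts.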